China
Africa
Explore chapters and articles related to this topic
Security and Privacy-Enhancing Technologies for Blockchain and Cryptocurrency
Published in Brojo Kishore Mishra, Sanjay Kumar Kuanar, Sheng-Lung Peng, Daniel D. Dasig, Handbook of IoT and Blockchain, 2020
Debasis Gountia, Utkalika Satapathy
In the field of computer security, a man-in-the-middle attack is an attack where malicious people secretly relay and modify a transaction between two parties who believe they are directly making a transaction with each other without any interference [12]. For example, active eavesdropping, where the attacker produces an independent connection between these victims and relays a transaction between them to produce trust that they are doing transactions directly with each other over a private network, when in fact the entire transaction is controlled by the malicious people as shown in Figure 8.4. These intruders intercept all relevant transactions passing between these victims and throw in either a new malicious one or alter the aforementioned transactions.
Moral, Legal, and Ethical Issues of Technology in Education
Published in Manpreet Singh Manna, Balamurugan Balusamy, Kiran Sood, Naveen Chilamkurti, Ignisha Rajathi George, Edutech Enabled Teaching, 2023
In this, attackers sit in the center and try to interrupt the conversation by manipulating words and pretending to be a participant on either end. This break in privacy can cause damage to involved persons of the two-party communication process (Veracode, 2021). To avoid the man in the middle attack, never use public Wi-Fi connections (coffee shops, cafes, restaurants, and other open places) as well as Wi-Fi connections, without password protection. Immediately log out to all the secured websites link after use which may hold your private data (Imperva, 2021).
Person Authentication Based on Biometric Traits Using Machine Learning Techniques
Published in Sudhir Kumar Sharma, Bharat Bhushan, Narayan C. Debnath, IoT Security Paradigms and Applications, 2020
Gautam Kumar, Debbrota Paul Chowdhury, Sambit Bakshi, Pankaj Kumar Sa
IoT is nothing but a collection of devices that are connected with each other as well as the Internet. These devices collect each and every type of data, such as a person’s name, age, address, financial transition status, credit/debit card details, health information, and biometric data, and store them in the device. They also share these details with other devices whenever needed. The interconnected and inter-networking architecture of IoT makes it most vulnerable to attack. The following are the five common types of attacks that can be made in IoT [10]: Man-in-the-Middle Attack: In this type of attack, an attacker invades communication between the sender and the receiver, and the invader acts as an original sender and sends a fake message to the receiver, while the receiver thinks that he/she is getting a message from the actual sender.Botnet: A botnet is a network of devices integrated for remote control and malware delivery. This type of attack is used by hackers/criminals to steal personal data, banking information, and push emails [11].Denial-of-Service (DoS): This type of attack generally happens when a service that usually works is unavailable. At the time of unavailability, devices through botnet are programmed to request the service [12].Social Engineering: In this type of attack, the goal of an attacker is to get personal information such as email ID and bank account details from an individual. Attackers try to access the target system and install malicious software so that whenever authorized persons access the sensitive data, it can redirect these secure data to attackers.Physical Attack: Due to the distributed nature of IoT, most of the devices are used outdoors, and attackers try to tamper with hardware components [10].
EAAF: ECC-based anonymous authentication framework for cloud-medical system
Published in International Journal of Computers and Applications, 2022
Adesh Kumari, Vinod Kumar, M. Yahya Abbasi
There are following fundamental concerns in cloud based TMIS [14,15]: Impersonation attack: In this attack, an outsider strongly accepts the identifier of valid participants in the communication system.Session key security: In authentication framework, participant generates the session key which provides security and privacy in communication.Data confidentiality: The user's perceptive announcement should be available only for another valid user via communication network. Any outsider or attacker could not access it.Message authentication: This manages the integrity of message communication in Internet activities.User unlinkability: An user's true identifier should not be linked to other information and any attacker is unfit to rid the identifier of the users communications.Man-in-the-middle attack: In this attack, an attacker eavesdrops the communicated information and then tries to delete or modify contents of forwarded information to the receivers.Replay attack: In this attack, an outsider attempts to confound other certified participant by restating intercepted data. This attack corresponds to user where an uncertified third party data's transmitted information.Non-repudiation: In communication network, entities cannot deny the validated of their digital signature or a forwarding an information of a message that they managed.Anonymity: In communication channel, same identifier used for particular user which can guess or hack any attacker and misuse for future communication.